Abstract
With the rapid development of Internet technology, more and more dynamic websites based on the browser/server (B/S) three-tier architecture have been established. At the same time, the security issues these websites expose are increasing, and the situation is not optimistic. Today, a large number of Web systems use a database to store the website's data, which may include users' personal information or a company's trade secrets. If this information is leaked, it is a huge loss and risk to the individual or the company. SQL injection attacks can be used to obtain such data illegally, so the harm they can cause is huge, and they remain one of the most common and most dangerous attacks. This paper introduces the concept and technical principle of SQL injection attacks, describes the types of SQL injection, analyzes the basic process of carrying out an SQL injection attack, and finally gives defense methods for preventing SQL injection and summarizes some research on SQL injection.
Acknowledgments
This work is funded by the National Key Research and Development Plan (Grant No. 2018YFB0803504) and the National Natural Science Foundation of China (No. U1636215).
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Chen, Z., Li, M., Cui, X., Sun, Y. (2019). Research on SQL Injection and Defense Technology. In: Sun, X., Pan, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2019. Lecture Notes in Computer Science, vol 11635. Springer, Cham. https://doi.org/10.1007/978-3-030-24268-8_18
DOI: https://doi.org/10.1007/978-3-030-24268-8_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-24267-1
Online ISBN: 978-3-030-24268-8
eBook Packages: Computer Science, Computer Science (R0)